Pricekeel
Keep your pricing on an even keel.

Trust & Security

Updated 30 May 2026 · Pre-SOC 2 · controls live

Pricekeel handles pricing-strategy data — the kind a CFO and a Head of Pricing both have opinions about. This page describes how we keep it safe, with no marketing-grade hedging. If anything here does not match what you need for your IT review, email adhithya@pricekeel.com and we will tell you straight.

Where the data lives

  • Web (pricekeel.com) — Vercel, United States (us-east-1) with global edge.
  • API (api.pricekeel.com) — Render, United States (Virginia).
  • Database (leads + access codes) — Supabase Postgres, United States (us-east-1).

The complete subprocessor list with DPA links is at /subprocessors.

What we do NOT store

  • Row-level deal data uploaded for diagnostics is processed in memory and not persisted after the analysis completes.
  • Documents you upload to the copilot are chunked + embedded in memory; raw documents are not written to disk on the API server.
  • Competitor pricing pages are cached for a maximum of one hour in memory only, never persisted.
  • We do not use Customer Data to train any model, and our LLM providers operate under zero-retention terms for the data we send them.

Encryption

  • In transit: TLS 1.2+ enforced everywhere (HSTS preload-eligible, no plaintext endpoints).
  • At rest: Supabase encrypts the database at rest by default (AES-256). Render and Vercel encrypt their storage volumes at rest.
  • Secrets (API keys, database service-role key, app signing secret) are stored in Vercel/Render encrypted environment variable stores and never appear in the codebase.

Access control

  • Only the founder has admin access to production infrastructure (Vercel, Render, Supabase, GoDaddy DNS). MFA enforced on every account.
  • The Supabase database is reached server-side only, using the service-role key (which bypasses Supabase Row Level Security, so the API server is the authorization boundary). The Supabase anon key is not shipped to the browser, and no public client has direct database access.
  • Two-tier funnel gate: the captured-lead cookie unlocks the sample diagnostic; the access-code cookie unlocks customer data upload. Access codes are issued only after a signed NDA.
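As an added illustration of how a two-tier signed-cookie gate like the one above can be enforced (example code, not Pricekeel's own; the cookie names pk_lead and pk_access, the payload fields, the TTLs and the secret value are assumptions, and in a real deployment the signing secret would come from the environment variable store described under Encryption):

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed placeholder; a real deployment reads this from the env store.
SECRET = b"hypothetical-app-signing-secret"

TIER_LEAD = "lead"      # unlocks the sample diagnostic
TIER_ACCESS = "access"  # unlocks customer data upload (issued after a signed NDA)

# Hypothetical cookie names, one per tier.
COOKIE_NAMES = {TIER_LEAD: "pk_lead", TIER_ACCESS: "pk_access"}


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(payload: dict, secret: bytes = SECRET) -> str:
    """Serialise the payload and append an HMAC-SHA256 tag: <body>.<tag>."""
    body = _b64e(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    tag = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
    return f"{body}.{_b64e(tag)}"


def verify_cookie(value: str, secret: bytes = SECRET, now: Optional[float] = None) -> Optional[dict]:
    """Return the payload if the tag verifies and the cookie is unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body, tag = value.split(".", 1)
        expected = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison so a forged tag cannot be confirmed byte by byte.
        if not hmac.compare_digest(expected, _b64d(tag)):
            return None
        payload = json.loads(_b64d(body))
    except (ValueError, TypeError, UnicodeError):
        return None
    if not isinstance(payload, dict):
        return None
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None
    return payload


def issue_cookie(tier: str, subject: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Mint a cookie for a tier. The tier claim sits inside the signed body, so a
    lead cookie cannot be re-labelled as an access cookie by renaming it client-side."""
    now = time.time() if now is None else now
    return sign_cookie({"tier": tier, "sub": subject, "exp": int(now + ttl_seconds)})


def allowed(cookies: dict, required_tier: str, now: Optional[float] = None) -> bool:
    """Gate check: the cookie for the required tier must verify and carry that tier claim."""
    payload = verify_cookie(cookies.get(COOKIE_NAMES[required_tier], ""), now=now)
    return payload is not None and payload.get("tier") == required_tier


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock so the demo is reproducible
    lead = issue_cookie(TIER_LEAD, "lead@example.com", 7 * 86400, now=t0)
    access = issue_cookie(TIER_ACCESS, "code-1234", 30 * 86400, now=t0)
    print(allowed({"pk_lead": lead}, TIER_LEAD, now=t0))                     # sample diagnostic: allowed
    print(allowed({"pk_lead": lead}, TIER_ACCESS, now=t0))                   # upload without access cookie: denied
    print(allowed({"pk_access": lead}, TIER_ACCESS, now=t0))                 # lead cookie renamed: denied
    print(allowed({"pk_access": access}, TIER_ACCESS, now=t0 + 31 * 86400))  # expired: denied
```

The two details worth checking in any such gate are that the tier is part of the signed body (renaming a cookie on the client changes nothing) and that the tag comparison is constant-time and the expiry is enforced server-side; revocation of an individual access code still needs a server-side lookup on the subject claim, which this example does not include.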

AI handling

  • The cloud LLM (OpenAI) sees only aggregate analysis figures, column header names, the document chunks you upload, your question text, and (for competitor watch) the public pricing-page text you submit. Row-level deal data is never sent to the cloud LLM.
  • Recommendations are generated by deterministic Python code; the LLM only narrates them. Every dollar figure traces to a key in the analysis dict, and the system prompt forbids the LLM from inventing numbers.
  • Every decision the copilot surfaces is logged with its supporting math, so a CFO can audit any recommendation back to the source signal.
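A system-prompt prohibition is an instruction to the model, not a guarantee, so the property that every dollar figure traces to an analysis key is best enforced by code after generation. The following is an added example (not Pricekeel's code) of such a grounding check: it pulls each dollar figure out of the narrative, rounds every numeric leaf of the analysis dict to the precision the narrative used, and reports the source key for each figure, which also gives the per-recommendation audit trail mentioned above. The nested dict layout, the figure regex, the function names and the sample analysis and narratives are all constructed for this example:

```python
from __future__ import annotations

import math
import re
from typing import Iterator

# Matches "$1.2M", "$45,210", "$ 980k"; the k/M suffix is optional. Assumed
# format; percentages and unit-less counts are out of scope for this check.
DOLLAR = re.compile(r"\$\s?(-?\d[\d,]*(?:\.\d+)?)\s?([kKmM])?(?![A-Za-z])")
SUFFIX = {"k": 1e3, "m": 1e6}

# Constructed analysis dict standing in for the deterministic code's output.
SAMPLE_ANALYSIS = {
    "revenue": {"annual_usd": 1234567.89},
    "discount": {"avg_pct": 18.4, "leakage_usd": 45210.0},
    "deal_count": 312,
}


def flatten(analysis: dict, prefix: str = "") -> Iterator[tuple[str, float]]:
    """Yield (dotted_key, value) for every numeric leaf of a nested analysis dict."""
    for key, value in analysis.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            yield from flatten(value, path + ".")
        elif isinstance(value, (int, float)) and not isinstance(value, bool):
            yield path, float(value)


def round_sig(x: float, n: int) -> float:
    """Round x to n significant figures (so 1234567.89 at 2 figures is 1200000)."""
    if x == 0:
        return 0.0
    return round(x, n - 1 - int(math.floor(math.log10(abs(x)))))


def dollar_figures(text: str) -> list[tuple[float, int]]:
    """Extract (value, significant_digits) for every dollar figure in the narrative."""
    out = []
    for num, suffix in DOLLAR.findall(text):
        digits = num.replace(",", "").replace(".", "").lstrip("-").lstrip("0")
        value = float(num.replace(",", "")) * SUFFIX.get(suffix.lower(), 1.0)
        out.append((value, max(len(digits), 1)))
    return out


def ground_narrative(narrative: str, analysis: dict) -> tuple[bool, list[dict]]:
    """Trace each dollar figure in the narrative back to an analysis key.

    A figure is grounded when some numeric leaf, rounded to the precision the
    narrative used, equals it. Returns (all_grounded, per_figure_report); an
    ungrounded figure has source None and should cause the narration to be
    rejected or regenerated rather than shown."""
    leaves = list(flatten(analysis))
    report = []
    for value, sig in dollar_figures(narrative):
        source = next(
            (key for key, leaf in leaves
             if math.isclose(round_sig(leaf, sig), value, rel_tol=1e-9)),
            None,
        )
        report.append({"figure": value, "source": source})
    return all(r["source"] is not None for r in report), report


if __name__ == "__main__":
    good = "Annual revenue is about $1.2M; discount leakage totals $45,210 across 312 deals."
    bad = "We estimate $52,000 in recoverable margin on top of the $45,210 leakage."
    for text in (good, bad):
        ok, report = ground_narrative(text, SAMPLE_ANALYSIS)
        print(ok, report)
```

Matching on the narrative's own precision is deliberate: "$1.2M" grounds to a leaf of 1,234,567.89, but "$52,000" does not round-match any leaf and is flagged, whereas a loose percentage tolerance would let a figure near a real one slip through.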

Operational controls

  • Change management: every production change ships through a GitHub pull request with a CI build. The main branch deploys automatically; preview branches deploy to isolated URLs.
  • Backups: Supabase performs automated daily backups. Code is mirrored on GitHub.
  • Monitoring: Render health-check probes /health every minute. Error tracking is being implemented; this page will be updated when it lands.
  • Incident response: we will notify affected customers within 72 hours of becoming aware of a confirmed breach involving their data. Notification goes to the email address on file.

Compliance posture

  • GDPR + UK GDPR: data subject rights honored; Standard Contractual Clauses in place via subprocessor DPAs; lawful basis for lead-form data is consent.
  • CCPA / CPRA: we do not sell or share personal information.
  • EU AI Act: the Pricekeel diagnostic and copilot are informational systems with human-in-the-loop decision-making; we treat them as “limited risk” under the Act and disclose AI involvement everywhere it appears.
  • SOC 2: not yet certified. The controls described above are implemented; external Type I audit is planned once the customer base supports the spend.
  • HIPAA / PCI / FedRAMP: not in scope. We do not process protected health information, cardholder data, or U.S. government data.

Vulnerability disclosure

If you believe you have found a security vulnerability in Pricekeel, please email adhithya@pricekeel.com rather than disclosing it publicly. We will acknowledge within two business days and work with you on a coordinated disclosure. We do not yet offer a paid bug bounty.